Vulnerability-Lookup

CVE-2015-3330 (GCVE-0-2015-3330)

Vulnerability from cvelistv5 – Published: 2015-06-09 18:00 – Updated: 2024-08-06 05:47

Summary

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

21 references

URL	Tags
http://rhn.redhat.com/errata/RHSA-2015-1187.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-1186.html	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/74204	vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1033703	vdb-entryx_refsource_SECTRACK
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://php.net/ChangeLog-5.php	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://support.apple.com/HT205267	x_refsource_CONFIRM
https://bugs.php.net/bug.php?id=69218	x_refsource_CONFIRM
https://bugs.php.net/bug.php?id=68486	x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2572-1	vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2015-1135.html	vendor-advisoryx_refsource_REDHAT
https://support.apple.com/kb/HT205031	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://openwall.com/lists/oss-security/2015/04/17/7	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/201606-10	vendor-advisoryx_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2015-1066.html	vendor-advisoryx_refsource_REDHAT

Date Public ?

2015-04-16 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.725Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:1187",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
          },
          {
            "name": "RHSA-2015:1186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
          },
          {
            "name": "74204",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74204"
          },
          {
            "name": "1033703",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033703"
          },
          {
            "name": "APPLE-SA-2015-09-30-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://php.net/ChangeLog-5.php"
          },
          {
            "name": "SUSE-SU-2015:0868",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205267"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=69218"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=68486"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7"
          },
          {
            "name": "USN-2572-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2572-1"
          },
          {
            "name": "RHSA-2015:1135",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "name": "openSUSE-SU-2015:0855",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
          },
          {
            "name": "[oss-security] 20150417 Re: CVE Request: PHP potential remote code execution with apache 2.4 apache2handler",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/04/17/7"
          },
          {
            "name": "GLSA-201606-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-10"
          },
          {
            "name": "RHSA-2015:1066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2015:1187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
        },
        {
          "name": "RHSA-2015:1186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
        },
        {
          "name": "74204",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74204"
        },
        {
          "name": "1033703",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033703"
        },
        {
          "name": "APPLE-SA-2015-09-30-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://php.net/ChangeLog-5.php"
        },
        {
          "name": "SUSE-SU-2015:0868",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205267"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=69218"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=68486"
        },
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7"
        },
        {
          "name": "USN-2572-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2572-1"
        },
        {
          "name": "RHSA-2015:1135",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT205031"
        },
        {
          "name": "openSUSE-SU-2015:0855",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
        },
        {
          "name": "[oss-security] 20150417 Re: CVE Request: PHP potential remote code execution with apache 2.4 apache2handler",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/04/17/7"
        },
        {
          "name": "GLSA-201606-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-10"
        },
        {
          "name": "RHSA-2015:1066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3330",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:1187",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
            },
            {
              "name": "RHSA-2015:1186",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
            },
            {
              "name": "74204",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74204"
            },
            {
              "name": "1033703",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033703"
            },
            {
              "name": "APPLE-SA-2015-09-30-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "http://php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "url": "http://php.net/ChangeLog-5.php"
            },
            {
              "name": "SUSE-SU-2015:0868",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
            },
            {
              "name": "https://support.apple.com/HT205267",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205267"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=69218",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=69218"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=68486",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=68486"
            },
            {
              "name": "APPLE-SA-2015-08-13-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
            },
            {
              "name": "http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7",
              "refsource": "CONFIRM",
              "url": "http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7"
            },
            {
              "name": "USN-2572-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2572-1"
            },
            {
              "name": "RHSA-2015:1135",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
            },
            {
              "name": "https://support.apple.com/kb/HT205031",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT205031"
            },
            {
              "name": "openSUSE-SU-2015:0855",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
            },
            {
              "name": "[oss-security] 20150417 Re: CVE Request: PHP potential remote code execution with apache 2.4 apache2handler",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2015/04/17/7"
            },
            {
              "name": "GLSA-201606-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201606-10"
            },
            {
              "name": "RHSA-2015:1066",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3330",
    "datePublished": "2015-06-09T18:00:00.000Z",
    "dateReserved": "2015-04-17T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:47:57.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-3330",
      "date": "2026-05-20",
      "epss": "0.38958",
      "percentile": "0.97326"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC7A498A-A669-4C42-8134-86103C799D13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"104DA87B-DEE4-4262-AE50-8E6BC43B228B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B1C288F-326B-497B-B26C-D26E01262DDB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.10.4\", \"matchCriteriaId\": \"7883E465-932D-4C11-AA54-97E44181F906\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C84489B-B08C-4854-8A12-D01B6E45CF79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E8CD4EF-DC90-40BB-A721-6EC087507906\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.4.39\", \"matchCriteriaId\": \"1228E622-0524-4254-BA07-6EED39637EA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F6D9B19-E64D-4BED-9194-17460CE19E6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D25E591-448C-4E3B-8557-6E48F7571796\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DA18F3F-B4B5-40C3-BF19-67C1F0C1787D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AF783C9-26E7-4E02-BD41-77B9783667E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF49701D-ECE4-4CEB-BDAB-24C09C8AD4B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AEDF6F7-001D-4A35-A26F-417991AD377F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*\", \"matchCriteriaId\": \"4031DB99-B4B4-41EC-B3C1-543D92C575A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5450EA7-A398-49D2-AA8E-7C95B074BAB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"04FE0E4E-BC94-4DC9-BE9B-DC57B952B2FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB8E09D8-9CBE-4279-88B7-24A214A5A537\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D41ECCE-887D-49A2-9BB3-B559495AC55B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"79B418BC-27F4-4443-A0F7-FF4ADA568C1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EEBDF62-BA1B-4438-9AEA-8B56AA5713E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F644EA6C-50C6-4A1C-A4AC-287AA9477B46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DD47F30-74F5-48E8-8657-C2373FE2BD22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C09527B-6B47-41F8-BDE6-01C47E452286\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E454D87-23CB-4D7F-90FE-942EE54D661F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1031E646-F2CF-4A3E-8E6A-5D4BC950BEDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"130E50C1-D209-4CFF-9399-69D561340FBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1F29948-9417-460B-8B04-D91AE4E8B423\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A37D00C1-4F41-4400-9CE4-8E8BAA3E4142\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"093D08B7-CC3C-4616-8697-F15B253A7D9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9CD8FEE-DE7B-47CB-9985-4092BFA071D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A30B2D9E-F289-43C9-BFBC-1CEF284A417E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE41CFDF-8ECD-41C1-94A7-5AFD42C5DDEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AEAC9BA-AF82-4345-839C-D339DCB962A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EFE682F-52E3-48EC-A993-F522FC29712F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC63A449-5D92-4F5F-8186-B58FFFBA54FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F18236F6-2065-4A6A-93E7-FD90E650C689\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEFBA84A-A4E4-438B-B9B5-8549809DCECC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"146D3DC9-50F4-430B-B321-68ECE78879A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D5A7CA6-7653-46C5-8DF7-95584BF7A879\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5BA8300-2F4D-4C1E-8CCE-F45E8F3547A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BF4E8FF-A3EC-43E8-A0C1-FD38AFCB77B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"54ADECFC-3C07-43BC-B296-6C25AC7F1C95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE192054-2FBB-4388-A52A-422E20DEA2D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0195D48-3B42-4AC0-B9C5-436E01C63879\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF0E5D67-ABC1-41A5-94E1-7DD3CDB51D81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"319E0573-B1AD-40B6-B4BC-8BE67ED3EFDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A7C00EB-87B7-4EB7-A4AC-8665D8C78467\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"21BFCF10-786A-4D1E-9C37-50A1EC6056F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"95A6D6C8-5F46-4897-A0B0-778631E8CE6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE18933A-5FE6-41C7-B1B6-DA3E762C3FB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AE1289F-03A6-4621-B387-5F5ADAC4AE92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"383697F5-D29E-475A-84F3-46B54A928889\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"786ED182-5D71-4197-9196-12AB5CF05F85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF90980D-74AD-44AA-A7C5-A0B294CCE4F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48D6B69C-8F27-4F4C-B953-67A7F9C2FBA5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \\\"deconfigured interpreter.\\\"\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n php_handler en sapi/apache2handler/sapi_apache2.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8, cuando Apache HTTP Server 2.4.x est\\u00e1 utilizado, permite a atacantes remotos causar una denegaci\\u00f3n de servicio (ca\\u00edda de aplicaci\\u00f3n) o posiblemente ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de solicitudes HTTP segmentadas que resultan en un \u0027interprete desconfigurado.\u0027\"}]",
      "id": "CVE-2015-3330",
      "lastModified": "2024-11-21T02:29:10.510",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-06-09T18:59:03.613",
      "references": "[{\"url\": \"http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://openwall.com/lists/oss-security/2015/04/17/7\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://php.net/ChangeLog-5.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1066.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1135.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1186.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1187.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74204\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1033703\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2572-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.php.net/bug.php?id=68486\", \"source\": \"cve@mitre.org\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://bugs.php.net/bug.php?id=69218\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://security.gentoo.org/glsa/201606-10\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT205267\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT205031\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://openwall.com/lists/oss-security/2015/04/17/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://php.net/ChangeLog-5.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1066.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1135.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1186.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1187.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74204\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1033703\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2572-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.php.net/bug.php?id=68486\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://bugs.php.net/bug.php?id=69218\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://security.gentoo.org/glsa/201606-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT205267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT205031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-3330\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-06-09T18:59:03.613\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \\\"deconfigured interpreter.\\\"\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n php_handler en sapi/apache2handler/sapi_apache2.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8, cuando Apache HTTP Server 2.4.x est\u00e1 utilizado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de solicitudes HTTP segmentadas que resultan en un \u0027interprete desconfigurado.\u0027\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC7A498A-A669-4C42-8134-86103C799D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104DA87B-DEE4-4262-AE50-8E6BC43B228B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B1C288F-326B-497B-B26C-D26E01262DDB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.10.4\",\"matchCriteriaId\":\"7883E465-932D-4C11-AA54-97E44181F906\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C84489B-B08C-4854-8A12-D01B6E45CF79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E8CD4EF-DC90-40BB-A721-6EC087507906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.4.39\",\"matchCriteriaId\":\"1228E622-0524-4254-BA07-6EED39637EA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F6D9B19-E64D-4BED-9194-17460CE19E6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D25E591-448C-4E3B-8557-6E48F7571796\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DA18F3F-B4B5-40C3-BF19-67C1F0C1787D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AF783C9-26E7-4E02-BD41-77B9783667E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF49701D-ECE4-4CEB-BDAB-24C09C8AD4B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AEDF6F7-001D-4A35-A26F-417991AD377F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4031DB99-B4B4-41EC-B3C1-543D92C575A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5450EA7-A398-49D2-AA8E-7C95B074BAB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"04FE0E4E-BC94-4DC9-BE9B-DC57B952B2FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB8E09D8-9CBE-4279-88B7-24A214A5A537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D41ECCE-887D-49A2-9BB3-B559495AC55B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"79B418BC-27F4-4443-A0F7-FF4ADA568C1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EEBDF62-BA1B-4438-9AEA-8B56AA5713E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F644EA6C-50C6-4A1C-A4AC-287AA9477B46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DD47F30-74F5-48E8-8657-C2373FE2BD22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C09527B-6B47-41F8-BDE6-01C47E452286\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E454D87-23CB-4D7F-90FE-942EE54D661F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1031E646-F2CF-4A3E-8E6A-5D4BC950BEDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"130E50C1-D209-4CFF-9399-69D561340FBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1F29948-9417-460B-8B04-D91AE4E8B423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A37D00C1-4F41-4400-9CE4-8E8BAA3E4142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"093D08B7-CC3C-4616-8697-F15B253A7D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9CD8FEE-DE7B-47CB-9985-4092BFA071D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A30B2D9E-F289-43C9-BFBC-1CEF284A417E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE41CFDF-8ECD-41C1-94A7-5AFD42C5DDEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AEAC9BA-AF82-4345-839C-D339DCB962A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EFE682F-52E3-48EC-A993-F522FC29712F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC63A449-5D92-4F5F-8186-B58FFFBA54FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F18236F6-2065-4A6A-93E7-FD90E650C689\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEFBA84A-A4E4-438B-B9B5-8549809DCECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"146D3DC9-50F4-430B-B321-68ECE78879A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D5A7CA6-7653-46C5-8DF7-95584BF7A879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5BA8300-2F4D-4C1E-8CCE-F45E8F3547A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF4E8FF-A3EC-43E8-A0C1-FD38AFCB77B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"54ADECFC-3C07-43BC-B296-6C25AC7F1C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE192054-2FBB-4388-A52A-422E20DEA2D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0195D48-3B42-4AC0-B9C5-436E01C63879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF0E5D67-ABC1-41A5-94E1-7DD3CDB51D81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"319E0573-B1AD-40B6-B4BC-8BE67ED3EFDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A7C00EB-87B7-4EB7-A4AC-8665D8C78467\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BFCF10-786A-4D1E-9C37-50A1EC6056F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"95A6D6C8-5F46-4897-A0B0-778631E8CE6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE18933A-5FE6-41C7-B1B6-DA3E762C3FB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AE1289F-03A6-4621-B387-5F5ADAC4AE92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"383697F5-D29E-475A-84F3-46B54A928889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"786ED182-5D71-4197-9196-12AB5CF05F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF90980D-74AD-44AA-A7C5-A0B294CCE4F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48D6B69C-8F27-4F4C-B953-67A7F9C2FBA5\"}]}]}],\"references\":[{\"url\":\"http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://openwall.com/lists/oss-security/2015/04/17/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://php.net/ChangeLog-5.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1066.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1135.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1186.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1187.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74204\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1033703\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2572-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.php.net/bug.php?id=68486\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://bugs.php.net/bug.php?id=69218\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://security.gentoo.org/glsa/201606-10\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT205267\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openwall.com/lists/oss-security/2015/04/17/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://php.net/ChangeLog-5.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1066.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1135.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1186.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1187.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74204\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1033703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2572-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.php.net/bug.php?id=68486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://bugs.php.net/bug.php?id=69218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://security.gentoo.org/glsa/201606-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2015-AVI-187

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans PHP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
PHP	PHP	PHP 5.5.x versions antérieures à 5.5.24
PHP	PHP	PHP 5.6.x versions antérieures à 5.6.8
PHP	PHP	PHP 5.4.x versions antérieures à 5.4.40

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-2572-1 du 20 avril 2015	None	vendor-advisory
Changelog PHP du 16 Avril 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP 5.5.x versions ant\u00e9rieures \u00e0 5.5.24",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 5.6.x versions ant\u00e9rieures \u00e0 5.6.8",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 5.4.x versions ant\u00e9rieures \u00e0 5.4.40",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
    },
    {
      "name": "CVE-2015-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2305"
    },
    {
      "name": "CVE-2015-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
    },
    {
      "name": "CVE-2015-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
    },
    {
      "name": "CVE-2015-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
    },
    {
      "name": "CVE-2015-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-187",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHP\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2572-1 du 20 avril 2015",
      "url": "http://www.ubuntu.com/usn/usn-2572-1/"
    },
    {
      "published_at": null,
      "title": "Changelog PHP du 16 Avril 2015",
      "url": "http://php.net/ChangeLog-5.php"
    }
  ]
}

CERTFR-2015-AVI-355

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks versions antérieures à 10.9.5
Apple	N/A	OS X Mountain Lion versions antérieures à 10.8.5
Apple	N/A	OS X Yosemite versions antérieures à 10.10.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205031 du 13 août 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks versions ant\u00e9rieures \u00e0 10.9.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Mountain Lion versions ant\u00e9rieures \u00e0 10.8.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite versions ant\u00e9rieures \u00e0 10.10.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-4024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4024"
    },
    {
      "name": "CVE-2015-3768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3768"
    },
    {
      "name": "CVE-2015-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3799"
    },
    {
      "name": "CVE-2015-3307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3307"
    },
    {
      "name": "CVE-2015-3153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3153"
    },
    {
      "name": "CVE-2015-4148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4148"
    },
    {
      "name": "CVE-2015-3789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3789"
    },
    {
      "name": "CVE-2015-4026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4026"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2015-3757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3757"
    },
    {
      "name": "CVE-2015-5782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5782"
    },
    {
      "name": "CVE-2015-3773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3773"
    },
    {
      "name": "CVE-2014-0191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0191"
    },
    {
      "name": "CVE-2013-7040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7040"
    },
    {
      "name": "CVE-2015-3183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3183"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2014-3583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3583"
    },
    {
      "name": "CVE-2015-3782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3782"
    },
    {
      "name": "CVE-2014-3581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3581"
    },
    {
      "name": "CVE-2015-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3805"
    },
    {
      "name": "CVE-2015-3765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3765"
    },
    {
      "name": "CVE-2015-5779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5779"
    },
    {
      "name": "CVE-2009-5078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5078"
    },
    {
      "name": "CVE-2015-3766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3766"
    },
    {
      "name": "CVE-2015-3148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3148"
    },
    {
      "name": "CVE-2014-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3613"
    },
    {
      "name": "CVE-2015-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3807"
    },
    {
      "name": "CVE-2015-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3796"
    },
    {
      "name": "CVE-2013-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
    },
    {
      "name": "CVE-2014-7185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
    },
    {
      "name": "CVE-2014-0067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0067"
    },
    {
      "name": "CVE-2012-6685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6685"
    },
    {
      "name": "CVE-2015-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
    },
    {
      "name": "CVE-2015-3804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3804"
    },
    {
      "name": "CVE-2015-3764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3764"
    },
    {
      "name": "CVE-2015-5757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5757"
    },
    {
      "name": "CVE-2015-4025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4025"
    },
    {
      "name": "CVE-2015-5753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5753"
    },
    {
      "name": "CVE-2014-7844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7844"
    },
    {
      "name": "CVE-2015-5748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5748"
    },
    {
      "name": "CVE-2013-7422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
    },
    {
      "name": "CVE-2015-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0241"
    },
    {
      "name": "CVE-2015-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3800"
    },
    {
      "name": "CVE-2014-8151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8151"
    },
    {
      "name": "CVE-2015-3185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3185"
    },
    {
      "name": "CVE-2015-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0243"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2015-0244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0244"
    },
    {
      "name": "CVE-2014-8150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8150"
    },
    {
      "name": "CVE-2014-9140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9140"
    },
    {
      "name": "CVE-2015-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
    },
    {
      "name": "CVE-2014-3707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3707"
    },
    {
      "name": "CVE-2015-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3776"
    },
    {
      "name": "CVE-2009-5044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5044"
    },
    {
      "name": "CVE-2015-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3143"
    },
    {
      "name": "CVE-2014-0106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0106"
    },
    {
      "name": "CVE-2015-5750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5750"
    },
    {
      "name": "CVE-2015-3787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3787"
    },
    {
      "name": "CVE-2015-5751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5751"
    },
    {
      "name": "CVE-2015-3780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3780"
    },
    {
      "name": "CVE-2015-3802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3802"
    },
    {
      "name": "CVE-2013-7338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7338"
    },
    {
      "name": "CVE-2015-5781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5781"
    },
    {
      "name": "CVE-2014-9680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9680"
    },
    {
      "name": "CVE-2015-4022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4022"
    },
    {
      "name": "CVE-2015-3771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3771"
    },
    {
      "name": "CVE-2015-3806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3806"
    },
    {
      "name": "CVE-2015-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2015-3788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3788"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2015-5778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5778"
    },
    {
      "name": "CVE-2015-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3803"
    },
    {
      "name": "CVE-2015-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3772"
    },
    {
      "name": "CVE-2015-3762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3762"
    },
    {
      "name": "CVE-2015-3769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3769"
    },
    {
      "name": "CVE-2013-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2776"
    },
    {
      "name": "CVE-2015-3774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3774"
    },
    {
      "name": "CVE-2015-5758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5758"
    },
    {
      "name": "CVE-2015-5756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5756"
    },
    {
      "name": "CVE-2015-5761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5761"
    },
    {
      "name": "CVE-2015-5763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5763"
    },
    {
      "name": "CVE-2015-3770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3770"
    },
    {
      "name": "CVE-2015-3781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3781"
    },
    {
      "name": "CVE-2015-3145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3145"
    },
    {
      "name": "CVE-2013-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1776"
    },
    {
      "name": "CVE-2015-0228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0228"
    },
    {
      "name": "CVE-2015-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3144"
    },
    {
      "name": "CVE-2015-5783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5783"
    },
    {
      "name": "CVE-2015-5771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5771"
    },
    {
      "name": "CVE-2015-3775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3775"
    },
    {
      "name": "CVE-2015-3760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3760"
    },
    {
      "name": "CVE-2014-8161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8161"
    },
    {
      "name": "CVE-2015-3795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3795"
    },
    {
      "name": "CVE-2015-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0242"
    },
    {
      "name": "CVE-2014-8769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8769"
    },
    {
      "name": "CVE-2014-9365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
    },
    {
      "name": "CVE-2015-4021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4021"
    },
    {
      "name": "CVE-2015-5755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5755"
    },
    {
      "name": "CVE-2015-3761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3761"
    },
    {
      "name": "CVE-2015-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
    },
    {
      "name": "CVE-2015-3791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3791"
    },
    {
      "name": "CVE-2015-5772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5772"
    },
    {
      "name": "CVE-2015-5747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5747"
    },
    {
      "name": "CVE-2014-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3620"
    },
    {
      "name": "CVE-2015-3784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3784"
    },
    {
      "name": "CVE-2015-5774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5774"
    },
    {
      "name": "CVE-2015-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0253"
    },
    {
      "name": "CVE-2015-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3786"
    },
    {
      "name": "CVE-2015-3792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3792"
    },
    {
      "name": "CVE-2015-5776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5776"
    },
    {
      "name": "CVE-2015-5784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5784"
    },
    {
      "name": "CVE-2015-5775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5775"
    },
    {
      "name": "CVE-2015-4147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4147"
    },
    {
      "name": "CVE-2015-5754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5754"
    },
    {
      "name": "CVE-2014-8109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8109"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2015-5777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5777"
    },
    {
      "name": "CVE-2013-2777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2777"
    },
    {
      "name": "CVE-2015-3783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3783"
    },
    {
      "name": "CVE-2015-5773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5773"
    },
    {
      "name": "CVE-2015-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3794"
    },
    {
      "name": "CVE-2015-3777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3777"
    },
    {
      "name": "CVE-2015-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3797"
    },
    {
      "name": "CVE-2014-1912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1912"
    },
    {
      "name": "CVE-2014-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8767"
    },
    {
      "name": "CVE-2015-3767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3767"
    },
    {
      "name": "CVE-2015-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3790"
    },
    {
      "name": "CVE-2015-3779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3779"
    },
    {
      "name": "CVE-2015-5768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5768"
    },
    {
      "name": "CVE-2015-3778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3778"
    },
    {
      "name": "CVE-2015-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3798"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-355",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205031 du 13 ao\u00fbt 2015",
      "url": "https://support.apple.com/en-us/HT205031"
    }
  ]
}

CERTFR-2015-AVI-416

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple OS X versions antérieures à v10.11

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205267 du 30 septembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple OS X versions ant\u00e9rieures \u00e0 v10.11\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
    },
    {
      "name": "CVE-2015-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5885"
    },
    {
      "name": "CVE-2015-5851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5851"
    },
    {
      "name": "CVE-2015-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5870"
    },
    {
      "name": "CVE-2015-5873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5873"
    },
    {
      "name": "CVE-2015-3416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
    },
    {
      "name": "CVE-2015-5867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5867"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-5830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5830"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2015-3415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
    },
    {
      "name": "CVE-2015-5883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5883"
    },
    {
      "name": "CVE-2015-5523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5523"
    },
    {
      "name": "CVE-2015-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5914"
    },
    {
      "name": "CVE-2014-9652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9652"
    },
    {
      "name": "CVE-2015-5875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5875"
    },
    {
      "name": "CVE-2015-5860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5860"
    },
    {
      "name": "CVE-2015-5824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5824"
    },
    {
      "name": "CVE-2015-5872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5872"
    },
    {
      "name": "CVE-2014-9705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9705"
    },
    {
      "name": "CVE-2015-5522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5522"
    },
    {
      "name": "CVE-2015-5863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5863"
    },
    {
      "name": "CVE-2015-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1352"
    },
    {
      "name": "CVE-2014-9427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9427"
    },
    {
      "name": "CVE-2015-5833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5833"
    },
    {
      "name": "CVE-2015-5840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5840"
    },
    {
      "name": "CVE-2015-5915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5915"
    },
    {
      "name": "CVE-2015-5871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5871"
    },
    {
      "name": "CVE-2015-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
    },
    {
      "name": "CVE-2014-8090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
    },
    {
      "name": "CVE-2015-5836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5836"
    },
    {
      "name": "CVE-2015-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5868"
    },
    {
      "name": "CVE-2015-5891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5891"
    },
    {
      "name": "CVE-2015-5874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5874"
    },
    {
      "name": "CVE-2015-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2305"
    },
    {
      "name": "CVE-2015-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5887"
    },
    {
      "name": "CVE-2015-5902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5902"
    },
    {
      "name": "CVE-2015-5900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5900"
    },
    {
      "name": "CVE-2015-5858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5858"
    },
    {
      "name": "CVE-2015-3414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
    },
    {
      "name": "CVE-2015-5865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5865"
    },
    {
      "name": "CVE-2014-9425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9425"
    },
    {
      "name": "CVE-2014-8611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8611"
    },
    {
      "name": "CVE-2015-5879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5879"
    },
    {
      "name": "CVE-2015-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
    },
    {
      "name": "CVE-2015-5896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5896"
    },
    {
      "name": "CVE-2015-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2015-5839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5839"
    },
    {
      "name": "CVE-2015-5893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5893"
    },
    {
      "name": "CVE-2015-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
    },
    {
      "name": "CVE-2015-5853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5853"
    },
    {
      "name": "CVE-2015-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0231"
    },
    {
      "name": "CVE-2015-2301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2301"
    },
    {
      "name": "CVE-2015-5882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5882"
    },
    {
      "name": "CVE-2015-5878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5878"
    },
    {
      "name": "CVE-2015-5894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5894"
    },
    {
      "name": "CVE-2015-5831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5831"
    },
    {
      "name": "CVE-2015-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5869"
    },
    {
      "name": "CVE-2015-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1855"
    },
    {
      "name": "CVE-2015-5862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5862"
    },
    {
      "name": "CVE-2014-8147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8147"
    },
    {
      "name": "CVE-2015-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5889"
    },
    {
      "name": "CVE-2015-5866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5866"
    },
    {
      "name": "CVE-2015-5876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5876"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2015-5912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5912"
    },
    {
      "name": "CVE-2015-5877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5877"
    },
    {
      "name": "CVE-2015-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2331"
    },
    {
      "name": "CVE-2015-5922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5922"
    },
    {
      "name": "CVE-2015-5842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5842"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2015-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1351"
    },
    {
      "name": "CVE-2015-5849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5849"
    },
    {
      "name": "CVE-2015-5841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5841"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2015-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
    },
    {
      "name": "CVE-2015-3785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3785"
    },
    {
      "name": "CVE-2015-5913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5913"
    },
    {
      "name": "CVE-2014-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3618"
    },
    {
      "name": "CVE-2015-5899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5899"
    },
    {
      "name": "CVE-2015-5847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5847"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2015-5903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5903"
    },
    {
      "name": "CVE-2015-5864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5864"
    },
    {
      "name": "CVE-2015-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5917"
    },
    {
      "name": "CVE-2015-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0232"
    },
    {
      "name": "CVE-2015-5901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5901"
    },
    {
      "name": "CVE-2015-5854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5854"
    },
    {
      "name": "CVE-2015-5881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5881"
    },
    {
      "name": "CVE-2015-5897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5897"
    },
    {
      "name": "CVE-2015-5888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5888"
    },
    {
      "name": "CVE-2015-5890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5890"
    },
    {
      "name": "CVE-2015-5884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5884"
    },
    {
      "name": "CVE-2013-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3951"
    },
    {
      "name": "CVE-2014-9709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9709"
    },
    {
      "name": "CVE-2015-5855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5855"
    },
    {
      "name": "CVE-2015-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
    },
    {
      "name": "CVE-2014-8146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8146"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-416",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205267 du 30 septembre 2015",
      "url": "https://support.apple.com/en-us/HT205267"
    }
  ]
}

CERTFR-2015-AVI-187

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
PHP	PHP	PHP 5.5.x versions antérieures à 5.5.24
PHP	PHP	PHP 5.6.x versions antérieures à 5.6.8
PHP	PHP	PHP 5.4.x versions antérieures à 5.4.40

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-2572-1 du 20 avril 2015	None	vendor-advisory
Changelog PHP du 16 Avril 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP 5.5.x versions ant\u00e9rieures \u00e0 5.5.24",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 5.6.x versions ant\u00e9rieures \u00e0 5.6.8",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 5.4.x versions ant\u00e9rieures \u00e0 5.4.40",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
    },
    {
      "name": "CVE-2015-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2305"
    },
    {
      "name": "CVE-2015-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
    },
    {
      "name": "CVE-2015-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
    },
    {
      "name": "CVE-2015-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
    },
    {
      "name": "CVE-2015-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-187",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHP\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2572-1 du 20 avril 2015",
      "url": "http://www.ubuntu.com/usn/usn-2572-1/"
    },
    {
      "published_at": null,
      "title": "Changelog PHP du 16 Avril 2015",
      "url": "http://php.net/ChangeLog-5.php"
    }
  ]
}

CERTFR-2015-AVI-355

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks versions antérieures à 10.9.5
Apple	N/A	OS X Mountain Lion versions antérieures à 10.8.5
Apple	N/A	OS X Yosemite versions antérieures à 10.10.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205031 du 13 août 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks versions ant\u00e9rieures \u00e0 10.9.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Mountain Lion versions ant\u00e9rieures \u00e0 10.8.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite versions ant\u00e9rieures \u00e0 10.10.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-4024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4024"
    },
    {
      "name": "CVE-2015-3768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3768"
    },
    {
      "name": "CVE-2015-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3799"
    },
    {
      "name": "CVE-2015-3307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3307"
    },
    {
      "name": "CVE-2015-3153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3153"
    },
    {
      "name": "CVE-2015-4148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4148"
    },
    {
      "name": "CVE-2015-3789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3789"
    },
    {
      "name": "CVE-2015-4026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4026"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2015-3757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3757"
    },
    {
      "name": "CVE-2015-5782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5782"
    },
    {
      "name": "CVE-2015-3773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3773"
    },
    {
      "name": "CVE-2014-0191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0191"
    },
    {
      "name": "CVE-2013-7040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7040"
    },
    {
      "name": "CVE-2015-3183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3183"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2014-3583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3583"
    },
    {
      "name": "CVE-2015-3782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3782"
    },
    {
      "name": "CVE-2014-3581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3581"
    },
    {
      "name": "CVE-2015-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3805"
    },
    {
      "name": "CVE-2015-3765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3765"
    },
    {
      "name": "CVE-2015-5779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5779"
    },
    {
      "name": "CVE-2009-5078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5078"
    },
    {
      "name": "CVE-2015-3766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3766"
    },
    {
      "name": "CVE-2015-3148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3148"
    },
    {
      "name": "CVE-2014-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3613"
    },
    {
      "name": "CVE-2015-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3807"
    },
    {
      "name": "CVE-2015-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3796"
    },
    {
      "name": "CVE-2013-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
    },
    {
      "name": "CVE-2014-7185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
    },
    {
      "name": "CVE-2014-0067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0067"
    },
    {
      "name": "CVE-2012-6685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6685"
    },
    {
      "name": "CVE-2015-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
    },
    {
      "name": "CVE-2015-3804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3804"
    },
    {
      "name": "CVE-2015-3764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3764"
    },
    {
      "name": "CVE-2015-5757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5757"
    },
    {
      "name": "CVE-2015-4025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4025"
    },
    {
      "name": "CVE-2015-5753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5753"
    },
    {
      "name": "CVE-2014-7844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7844"
    },
    {
      "name": "CVE-2015-5748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5748"
    },
    {
      "name": "CVE-2013-7422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
    },
    {
      "name": "CVE-2015-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0241"
    },
    {
      "name": "CVE-2015-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3800"
    },
    {
      "name": "CVE-2014-8151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8151"
    },
    {
      "name": "CVE-2015-3185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3185"
    },
    {
      "name": "CVE-2015-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0243"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2015-0244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0244"
    },
    {
      "name": "CVE-2014-8150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8150"
    },
    {
      "name": "CVE-2014-9140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9140"
    },
    {
      "name": "CVE-2015-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
    },
    {
      "name": "CVE-2014-3707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3707"
    },
    {
      "name": "CVE-2015-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3776"
    },
    {
      "name": "CVE-2009-5044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5044"
    },
    {
      "name": "CVE-2015-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3143"
    },
    {
      "name": "CVE-2014-0106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0106"
    },
    {
      "name": "CVE-2015-5750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5750"
    },
    {
      "name": "CVE-2015-3787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3787"
    },
    {
      "name": "CVE-2015-5751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5751"
    },
    {
      "name": "CVE-2015-3780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3780"
    },
    {
      "name": "CVE-2015-3802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3802"
    },
    {
      "name": "CVE-2013-7338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7338"
    },
    {
      "name": "CVE-2015-5781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5781"
    },
    {
      "name": "CVE-2014-9680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9680"
    },
    {
      "name": "CVE-2015-4022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4022"
    },
    {
      "name": "CVE-2015-3771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3771"
    },
    {
      "name": "CVE-2015-3806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3806"
    },
    {
      "name": "CVE-2015-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2015-3788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3788"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2015-5778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5778"
    },
    {
      "name": "CVE-2015-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3803"
    },
    {
      "name": "CVE-2015-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3772"
    },
    {
      "name": "CVE-2015-3762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3762"
    },
    {
      "name": "CVE-2015-3769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3769"
    },
    {
      "name": "CVE-2013-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2776"
    },
    {
      "name": "CVE-2015-3774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3774"
    },
    {
      "name": "CVE-2015-5758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5758"
    },
    {
      "name": "CVE-2015-5756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5756"
    },
    {
      "name": "CVE-2015-5761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5761"
    },
    {
      "name": "CVE-2015-5763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5763"
    },
    {
      "name": "CVE-2015-3770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3770"
    },
    {
      "name": "CVE-2015-3781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3781"
    },
    {
      "name": "CVE-2015-3145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3145"
    },
    {
      "name": "CVE-2013-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1776"
    },
    {
      "name": "CVE-2015-0228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0228"
    },
    {
      "name": "CVE-2015-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3144"
    },
    {
      "name": "CVE-2015-5783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5783"
    },
    {
      "name": "CVE-2015-5771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5771"
    },
    {
      "name": "CVE-2015-3775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3775"
    },
    {
      "name": "CVE-2015-3760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3760"
    },
    {
      "name": "CVE-2014-8161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8161"
    },
    {
      "name": "CVE-2015-3795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3795"
    },
    {
      "name": "CVE-2015-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0242"
    },
    {
      "name": "CVE-2014-8769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8769"
    },
    {
      "name": "CVE-2014-9365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
    },
    {
      "name": "CVE-2015-4021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4021"
    },
    {
      "name": "CVE-2015-5755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5755"
    },
    {
      "name": "CVE-2015-3761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3761"
    },
    {
      "name": "CVE-2015-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
    },
    {
      "name": "CVE-2015-3791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3791"
    },
    {
      "name": "CVE-2015-5772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5772"
    },
    {
      "name": "CVE-2015-5747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5747"
    },
    {
      "name": "CVE-2014-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3620"
    },
    {
      "name": "CVE-2015-3784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3784"
    },
    {
      "name": "CVE-2015-5774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5774"
    },
    {
      "name": "CVE-2015-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0253"
    },
    {
      "name": "CVE-2015-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3786"
    },
    {
      "name": "CVE-2015-3792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3792"
    },
    {
      "name": "CVE-2015-5776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5776"
    },
    {
      "name": "CVE-2015-5784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5784"
    },
    {
      "name": "CVE-2015-5775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5775"
    },
    {
      "name": "CVE-2015-4147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4147"
    },
    {
      "name": "CVE-2015-5754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5754"
    },
    {
      "name": "CVE-2014-8109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8109"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2015-5777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5777"
    },
    {
      "name": "CVE-2013-2777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2777"
    },
    {
      "name": "CVE-2015-3783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3783"
    },
    {
      "name": "CVE-2015-5773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5773"
    },
    {
      "name": "CVE-2015-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3794"
    },
    {
      "name": "CVE-2015-3777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3777"
    },
    {
      "name": "CVE-2015-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3797"
    },
    {
      "name": "CVE-2014-1912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1912"
    },
    {
      "name": "CVE-2014-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8767"
    },
    {
      "name": "CVE-2015-3767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3767"
    },
    {
      "name": "CVE-2015-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3790"
    },
    {
      "name": "CVE-2015-3779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3779"
    },
    {
      "name": "CVE-2015-5768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5768"
    },
    {
      "name": "CVE-2015-3778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3778"
    },
    {
      "name": "CVE-2015-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3798"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-355",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205031 du 13 ao\u00fbt 2015",
      "url": "https://support.apple.com/en-us/HT205031"
    }
  ]
}

CERTFR-2015-AVI-416

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple OS X versions antérieures à v10.11

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205267 du 30 septembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple OS X versions ant\u00e9rieures \u00e0 v10.11\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
    },
    {
      "name": "CVE-2015-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5885"
    },
    {
      "name": "CVE-2015-5851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5851"
    },
    {
      "name": "CVE-2015-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5870"
    },
    {
      "name": "CVE-2015-5873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5873"
    },
    {
      "name": "CVE-2015-3416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
    },
    {
      "name": "CVE-2015-5867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5867"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-5830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5830"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2015-3415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
    },
    {
      "name": "CVE-2015-5883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5883"
    },
    {
      "name": "CVE-2015-5523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5523"
    },
    {
      "name": "CVE-2015-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5914"
    },
    {
      "name": "CVE-2014-9652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9652"
    },
    {
      "name": "CVE-2015-5875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5875"
    },
    {
      "name": "CVE-2015-5860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5860"
    },
    {
      "name": "CVE-2015-5824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5824"
    },
    {
      "name": "CVE-2015-5872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5872"
    },
    {
      "name": "CVE-2014-9705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9705"
    },
    {
      "name": "CVE-2015-5522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5522"
    },
    {
      "name": "CVE-2015-5863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5863"
    },
    {
      "name": "CVE-2015-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1352"
    },
    {
      "name": "CVE-2014-9427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9427"
    },
    {
      "name": "CVE-2015-5833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5833"
    },
    {
      "name": "CVE-2015-5840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5840"
    },
    {
      "name": "CVE-2015-5915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5915"
    },
    {
      "name": "CVE-2015-5871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5871"
    },
    {
      "name": "CVE-2015-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
    },
    {
      "name": "CVE-2014-8090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
    },
    {
      "name": "CVE-2015-5836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5836"
    },
    {
      "name": "CVE-2015-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5868"
    },
    {
      "name": "CVE-2015-5891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5891"
    },
    {
      "name": "CVE-2015-5874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5874"
    },
    {
      "name": "CVE-2015-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2305"
    },
    {
      "name": "CVE-2015-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5887"
    },
    {
      "name": "CVE-2015-5902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5902"
    },
    {
      "name": "CVE-2015-5900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5900"
    },
    {
      "name": "CVE-2015-5858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5858"
    },
    {
      "name": "CVE-2015-3414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
    },
    {
      "name": "CVE-2015-5865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5865"
    },
    {
      "name": "CVE-2014-9425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9425"
    },
    {
      "name": "CVE-2014-8611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8611"
    },
    {
      "name": "CVE-2015-5879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5879"
    },
    {
      "name": "CVE-2015-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
    },
    {
      "name": "CVE-2015-5896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5896"
    },
    {
      "name": "CVE-2015-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2015-5839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5839"
    },
    {
      "name": "CVE-2015-5893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5893"
    },
    {
      "name": "CVE-2015-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
    },
    {
      "name": "CVE-2015-5853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5853"
    },
    {
      "name": "CVE-2015-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0231"
    },
    {
      "name": "CVE-2015-2301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2301"
    },
    {
      "name": "CVE-2015-5882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5882"
    },
    {
      "name": "CVE-2015-5878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5878"
    },
    {
      "name": "CVE-2015-5894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5894"
    },
    {
      "name": "CVE-2015-5831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5831"
    },
    {
      "name": "CVE-2015-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5869"
    },
    {
      "name": "CVE-2015-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1855"
    },
    {
      "name": "CVE-2015-5862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5862"
    },
    {
      "name": "CVE-2014-8147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8147"
    },
    {
      "name": "CVE-2015-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5889"
    },
    {
      "name": "CVE-2015-5866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5866"
    },
    {
      "name": "CVE-2015-5876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5876"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2015-5912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5912"
    },
    {
      "name": "CVE-2015-5877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5877"
    },
    {
      "name": "CVE-2015-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2331"
    },
    {
      "name": "CVE-2015-5922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5922"
    },
    {
      "name": "CVE-2015-5842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5842"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2015-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1351"
    },
    {
      "name": "CVE-2015-5849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5849"
    },
    {
      "name": "CVE-2015-5841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5841"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2015-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
    },
    {
      "name": "CVE-2015-3785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3785"
    },
    {
      "name": "CVE-2015-5913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5913"
    },
    {
      "name": "CVE-2014-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3618"
    },
    {
      "name": "CVE-2015-5899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5899"
    },
    {
      "name": "CVE-2015-5847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5847"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2015-5903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5903"
    },
    {
      "name": "CVE-2015-5864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5864"
    },
    {
      "name": "CVE-2015-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5917"
    },
    {
      "name": "CVE-2015-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0232"
    },
    {
      "name": "CVE-2015-5901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5901"
    },
    {
      "name": "CVE-2015-5854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5854"
    },
    {
      "name": "CVE-2015-5881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5881"
    },
    {
      "name": "CVE-2015-5897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5897"
    },
    {
      "name": "CVE-2015-5888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5888"
    },
    {
      "name": "CVE-2015-5890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5890"
    },
    {
      "name": "CVE-2015-5884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5884"
    },
    {
      "name": "CVE-2013-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3951"
    },
    {
      "name": "CVE-2014-9709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9709"
    },
    {
      "name": "CVE-2015-5855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5855"
    },
    {
      "name": "CVE-2015-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
    },
    {
      "name": "CVE-2014-8146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8146"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-416",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205267 du 30 septembre 2015",
      "url": "https://support.apple.com/en-us/HT205267"
    }
  ]
}

BDU:2022-02529

Vulnerability from fstec - Published: 09.06.2015

Title

Уязвимость функции php_handler (sapi/apache2handler/sapi_apache2.c) интерпретатора языка программирования PHP, позволяющий нарушителю выполнить произвольный код

Description

Уязвимость функции php_handler (sapi/apache2handler/sapi_apache2.c) веб-сервера Apache HTTP Server, интерпретатора языка программирования PHP существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Vendor

Canonical Ltd., Red Hat Inc., Сообщество свободного программного обеспечения, PHP Group, Oracle Corp.

Software Name

Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, PHP, Solaris

Software Version

14.10 (Ubuntu), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 14.04 ESM (Ubuntu), 7 (Debian GNU/Linux), 5.6.0alpha2 (PHP), 5.6.0alpha3 (PHP), 5.6.2 (PHP), 5.6.0alpha4 (PHP), 5.6.0alpha5 (PHP), 5.6.3 (PHP), 5.6.0beta1 (PHP), 5.6.0beta2 (PHP), 5.6.0beta3 (PHP), 5.6.0beta4 (PHP), 5.6.4 (PHP), 5.6.5 (PHP), 5.6.6 (PHP), 5.6.0alpha1 (PHP), 5.6.7 (PHP), 5.5.0alpha3 (PHP), 5.5.0alpha4 (PHP), 5.5.0rc1 (PHP), 5.5.0rc2 (PHP), 5.5.20 (PHP), 5.5.21 (PHP), 5.5.0beta1 (PHP), 5.5.11 (PHP), 5.5.14 (PHP), 5.5.18 (PHP), 5.5.5 (PHP), 5.5.6 (PHP), 5.5.7 (PHP), 5.5.0alpha1 (PHP), 5.5.0alpha2 (PHP), 5.5.0beta4 (PHP), 5.5.19 (PHP), 5.5.2 (PHP), 5.5.8 (PHP), 5.5.9 (PHP), 5.5.0alpha5 (PHP), 5.5.0alpha6 (PHP), 5.5.1 (PHP), 5.5.10 (PHP), 5.5.3 (PHP), 5.5.4 (PHP), 5.5.23 (PHP), до 5.4.39 включительно (PHP), 6 (Debian GNU/Linux), 5.5.22 (PHP), 10.04 (Ubuntu), 11.2 (Solaris)

Possible Mitigations

Использование рекомендаций: http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7 http://php.net/ChangeLog-5.php Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3330.xml Для Ubuntu: https://ubuntu.com/security/CVE-2015-3330 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2015-3330

Reference

http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7 https://bugs.php.net/bug.php?id=69218 http://php.net/ChangeLog-5.php http://openwall.com/lists/oss-security/2015/04/17/7 https://bugs.php.net/bug.php?id=68486 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html https://support.apple.com/kb/HT205031 https://support.apple.com/HT205267 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1135.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/74204 https://security.gentoo.org/glsa/201606-10 http://rhn.redhat.com/errata/RHSA-2015-1186.html http://www.ubuntu.com/usn/USN-2572-1 http://www.securitytracker.com/id/1033703 http://rhn.redhat.com/errata/RHSA-2015-1066.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, PHP Group, Oracle Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.10 (Ubuntu), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 14.04 ESM (Ubuntu), 7 (Debian GNU/Linux), 5.6.0alpha2 (PHP), 5.6.0alpha3 (PHP), 5.6.2 (PHP), 5.6.0alpha4 (PHP), 5.6.0alpha5 (PHP), 5.6.3 (PHP), 5.6.0beta1 (PHP), 5.6.0beta2 (PHP), 5.6.0beta3 (PHP), 5.6.0beta4 (PHP), 5.6.4 (PHP), 5.6.5 (PHP), 5.6.6 (PHP), 5.6.0alpha1 (PHP), 5.6.7 (PHP), 5.5.0alpha3 (PHP), 5.5.0alpha4 (PHP), 5.5.0rc1 (PHP), 5.5.0rc2 (PHP), 5.5.20 (PHP), 5.5.21 (PHP), 5.5.0beta1 (PHP), 5.5.11 (PHP), 5.5.14 (PHP), 5.5.18 (PHP), 5.5.5 (PHP), 5.5.6 (PHP), 5.5.7 (PHP), 5.5.0alpha1 (PHP), 5.5.0alpha2 (PHP), 5.5.0beta4 (PHP), 5.5.19 (PHP), 5.5.2 (PHP), 5.5.8 (PHP), 5.5.9 (PHP), 5.5.0alpha5 (PHP), 5.5.0alpha6 (PHP), 5.5.1 (PHP), 5.5.10 (PHP), 5.5.3 (PHP), 5.5.4 (PHP), 5.5.23 (PHP), \u0434\u043e 5.4.39 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (PHP), 6 (Debian GNU/Linux), 5.5.22 (PHP), 10.04 (Ubuntu), 11.2 (Solaris)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttp://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7\n\nhttp://php.net/ChangeLog-5.php\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3330.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2015-3330\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2015-3330",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.06.2015",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02529",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-3330",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, PHP, Solaris",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.10 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 12.04 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 , Canonical Ltd. Ubuntu 10.04 , Oracle Corp. Solaris 11.2 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 php_handler (sapi/apache2handler/sapi_apache2.c) \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 php_handler (sapi/apache2handler/sapi_apache2.c) \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server, \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7\nhttps://bugs.php.net/bug.php?id=69218\nhttp://php.net/ChangeLog-5.php\nhttp://openwall.com/lists/oss-security/2015/04/17/7\nhttps://bugs.php.net/bug.php?id=68486\nhttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\nhttps://support.apple.com/kb/HT205031\nhttps://support.apple.com/HT205267\nhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\nhttp://rhn.redhat.com/errata/RHSA-2015-1187.html\nhttp://rhn.redhat.com/errata/RHSA-2015-1135.html\nhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\nhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\nhttp://www.securityfocus.com/bid/74204\nhttps://security.gentoo.org/glsa/201606-10\nhttp://rhn.redhat.com/errata/RHSA-2015-1186.html\nhttp://www.ubuntu.com/usn/USN-2572-1\nhttp://www.securitytracker.com/id/1033703\nhttp://rhn.redhat.com/errata/RHSA-2015-1066.html\nhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html\nhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CNVD-2015-02935

Vulnerability from cnvd - Published: 2015-05-08

Title

PHP远程代码执行漏洞

Description

PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言支持多重语法、支持多数据库及操作系统和支持C、C++进行程序扩展等。 PHP存在安全漏洞。远程攻击者可利用漏洞执行任意代码，或造成拒绝服务。

Severity

中

Patch Name

PHP远程代码执行漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://www.php.net/ChangeLog-5.php#5.5.24

Reference

http://advisories.mageia.org/MGASA-2015-0169.html https://bugs.mageia.org/show_bug.cgi?id=15721

Impacted products

Name
['PHP Php 5.4.39', 'PHP Php 5.5.23', 'PHP Php 5.6.7']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3330"
    }
  },
  "description": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHP Group\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u652f\u6301\u591a\u91cd\u8bed\u6cd5\u3001\u652f\u6301\u591a\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u548c\u652f\u6301C\u3001C++\u8fdb\u884c\u7a0b\u5e8f\u6269\u5c55\u7b49\u3002\r\n\r\nPHP\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.php.net/ChangeLog-5.php#5.5.24",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02935",
  "openTime": "2015-05-08",
  "patchDescription": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHP Group\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u652f\u6301\u591a\u91cd\u8bed\u6cd5\u3001\u652f\u6301\u591a\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u548c\u652f\u6301C\u3001C++\u8fdb\u884c\u7a0b\u5e8f\u6269\u5c55\u7b49\u3002 \r\n\r\nPHP\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PHP\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "PHP Php 5.4.39",
      "PHP Php  5.5.23",
      "PHP Php  5.6.7"
    ]
  },
  "referenceLink": "http://advisories.mageia.org/MGASA-2015-0169.html\r\nhttps://bugs.mageia.org/show_bug.cgi?id=15721",
  "serverity": "\u4e2d",
  "submitTime": "2015-05-07",
  "title": "PHP\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2015-3330

Vulnerability from fkie_nvd - Published: 2015-06-09 18:59 - Updated: 2026-05-06 22:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7
cve@mitre.org	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Mailing List
cve@mitre.org	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
cve@mitre.org	http://openwall.com/lists/oss-security/2015/04/17/7	Third Party Advisory
cve@mitre.org	http://php.net/ChangeLog-5.php	Patch
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-1066.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-1135.html	Third Party Advisory
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-1186.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-1187.html	Third Party Advisory
cve@mitre.org	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Third Party Advisory
cve@mitre.org	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/74204
cve@mitre.org	http://www.securitytracker.com/id/1033703
cve@mitre.org	http://www.ubuntu.com/usn/USN-2572-1
cve@mitre.org	https://bugs.php.net/bug.php?id=68486	Permissions Required
cve@mitre.org	https://bugs.php.net/bug.php?id=69218	Exploit
cve@mitre.org	https://security.gentoo.org/glsa/201606-10
cve@mitre.org	https://support.apple.com/HT205267	Third Party Advisory
cve@mitre.org	https://support.apple.com/kb/HT205031	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2015/04/17/7	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://php.net/ChangeLog-5.php	Patch
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1066.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1135.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1186.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1187.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74204
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033703
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2572-1
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=68486	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=69218	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201606-10
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205267	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT205031	Third Party Advisory

Impacted products

Vendor	Product	Version
oracle	linux	6
oracle	linux	7
oracle	solaris	11.2
apple	mac_os_x	*
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node	7.0
redhat	enterprise_linux_hpc_node_eus	7.1
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_eus	7.1
redhat	enterprise_linux_workstation	7.0
php	php	*
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.0
php	php	5.5.1
php	php	5.5.2
php	php	5.5.3
php	php	5.5.4
php	php	5.5.5
php	php	5.5.6
php	php	5.5.7
php	php	5.5.8
php	php	5.5.9
php	php	5.5.10
php	php	5.5.11
php	php	5.5.12
php	php	5.5.13
php	php	5.5.14
php	php	5.5.18
php	php	5.5.19
php	php	5.5.20
php	php	5.5.21
php	php	5.5.22
php	php	5.5.23
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.0
php	php	5.6.2
php	php	5.6.3
php	php	5.6.4
php	php	5.6.5
php	php	5.6.6
php	php	5.6.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
              "versionEndIncluding": "10.10.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1228E622-0524-4254-BA07-6EED39637EA4",
              "versionEndIncluding": "5.4.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F6D9B19-E64D-4BED-9194-17460CE19E6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "3D25E591-448C-4E3B-8557-6E48F7571796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "6DA18F3F-B4B5-40C3-BF19-67C1F0C1787D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "3AF783C9-26E7-4E02-BD41-77B9783667E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "EF49701D-ECE4-4CEB-BDAB-24C09C8AD4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "7AEDF6F7-001D-4A35-A26F-417991AD377F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "4031DB99-B4B4-41EC-B3C1-543D92C575A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "D5450EA7-A398-49D2-AA8E-7C95B074BAB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "04FE0E4E-BC94-4DC9-BE9B-DC57B952B2FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "BB8E09D8-9CBE-4279-88B7-24A214A5A537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2D41ECCE-887D-49A2-9BB3-B559495AC55B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "79B418BC-27F4-4443-A0F7-FF4ADA568C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8EEBDF62-BA1B-4438-9AEA-8B56AA5713E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F644EA6C-50C6-4A1C-A4AC-287AA9477B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD47F30-74F5-48E8-8657-C2373FE2BD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C09527B-6B47-41F8-BDE6-01C47E452286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E454D87-23CB-4D7F-90FE-942EE54D661F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1031E646-F2CF-4A3E-8E6A-5D4BC950BEDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "130E50C1-D209-4CFF-9399-69D561340FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F29948-9417-460B-8B04-D91AE4E8B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37D00C1-4F41-4400-9CE4-8E8BAA3E4142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "093D08B7-CC3C-4616-8697-F15B253A7D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9CD8FEE-DE7B-47CB-9985-4092BFA071D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30B2D9E-F289-43C9-BFBC-1CEF284A417E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE41CFDF-8ECD-41C1-94A7-5AFD42C5DDEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AEAC9BA-AF82-4345-839C-D339DCB962A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFE682F-52E3-48EC-A993-F522FC29712F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC63A449-5D92-4F5F-8186-B58FFFBA54FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F18236F6-2065-4A6A-93E7-FD90E650C689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFBA84A-A4E4-438B-B9B5-8549809DCECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "146D3DC9-50F4-430B-B321-68ECE78879A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D5A7CA6-7653-46C5-8DF7-95584BF7A879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BA8300-2F4D-4C1E-8CCE-F45E8F3547A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "5BF4E8FF-A3EC-43E8-A0C1-FD38AFCB77B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "54ADECFC-3C07-43BC-B296-6C25AC7F1C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "FE192054-2FBB-4388-A52A-422E20DEA2D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "F0195D48-3B42-4AC0-B9C5-436E01C63879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "BF0E5D67-ABC1-41A5-94E1-7DD3CDB51D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "319E0573-B1AD-40B6-B4BC-8BE67ED3EFDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "1A7C00EB-87B7-4EB7-A4AC-8665D8C78467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "21BFCF10-786A-4D1E-9C37-50A1EC6056F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "95A6D6C8-5F46-4897-A0B0-778631E8CE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE18933A-5FE6-41C7-B1B6-DA3E762C3FB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AE1289F-03A6-4621-B387-5F5ADAC4AE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "383697F5-D29E-475A-84F3-46B54A928889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "786ED182-5D71-4197-9196-12AB5CF05F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF90980D-74AD-44AA-A7C5-A0B294CCE4F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "48D6B69C-8F27-4F4C-B953-67A7F9C2FBA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\""
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n php_handler en sapi/apache2handler/sapi_apache2.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8, cuando Apache HTTP Server 2.4.x est\u00e1 utilizado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de solicitudes HTTP segmentadas que resultan en un \u0027interprete desconfigurado.\u0027"
    }
  ],
  "id": "CVE-2015-3330",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-09T18:59:03.613",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2015/04/17/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74204"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1033703"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2572-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://bugs.php.net/bug.php?id=68486"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=69218"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201606-10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT205267"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT205031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2015/04/17/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2572-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://bugs.php.net/bug.php?id=68486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.php.net/bug.php?id=69218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201606-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT205267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT205031"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2879-HR6W-P3MX

Vulnerability from github – Published: 2022-05-13 01:29 – Updated: 2025-04-12 12:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-09T18:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\"",
  "id": "GHSA-2879-hr6w-p3mx",
  "modified": "2025-04-12T12:48:36Z",
  "published": "2022-05-13T01:29:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3330"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=68486"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=69218"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201606-10"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205267"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT205031"
    },
    {
      "type": "WEB",
      "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7"
    },
    {
      "type": "WEB",
      "url": "http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2015/04/17/7"
    },
    {
      "type": "WEB",
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74204"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033703"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2572-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-3330 (GCVE-0-2015-3330)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature